Public key cryptography using matrices

ABSTRACT

The invention provides techniques for secure message transmission using a public key system to exchange secret keys. A first entity creates public and private keys by generating a product n of two large, randomly chosen prime numbers, and then generating random matrices {A, C} in the group GL(r,Z_(n)) with a chosen matrix rank r such that AC is not equal to CA, and then generating a matrix B=CAC, and finding a matrix G that commutes with C. Matrices A, B, G and the integers n and r are then published as the public key and matrix C is then kept as the private key. A second entity then obtains the public key and calculates a secret matrix D that commutes with G, and further calculates the matrices K=DBD and E=DAD. The message to be sent is then encrypted using matrix K as the secret key and then sent to the first entity with matrix E. The first entity then retrieves secret matrix K using K=CEC and then decrypts the received encrypted message using the retrieved secret matrix K.

FIELD OF THE INVENTION

[0001] The present invention relates to data communications, and more particularly to cryptography for secure data transmission.

BACKGROUND OF THE INVENTION

[0002] Electronic messages are generally transmitted between remote correspondents via a communications system typically including a network of interconnected computers. Such messages are readily intercepted and viewed by others using the network. Thus, correspondents desiring privacy may encrypt or encode a message such that only the recipient can decrypt or decode the message to view the contents.

[0003] In a public key encryption system, a person wishing to receive encrypted messages (a potential recipient) is able to generate a special set of numeric values. Some of these numeric values are published by the recipient as a public key and the remaining numeric values are kept as the recipient's private key. A second person (a sender) wishing to send an encrypted message to the recipient first obtains the recipient's public key, and then encrypts a message using this public key information. The message is then sent to the recipient. The recipient is then able to use his or her private key information to decrypt the encrypted message much more rapidly than a message eavesdropper who does not have the private key information. In all public key schemes known, there is a mathematical relationship between the private key and the public key. Finding the private key via the mathematical relationship can be made arbitrarily difficult at the expense of encryption and/or decryption performance.

[0004] A well-known encryption technique is disclosed in U.S. Pat. No. 4,405,829 to Rivest et al., which is incorporated by reference. The technique is also known as the RSA public key system. The RSA algorithm performs integer arithmetic modulo n, where n is a product of two large, randomly chosen prime numbers. A recipient generates a private exponent key using knowledge of the prime factors and a chosen public exponent. The public exponent and modulus n are published as the public key. The message sender uses the public key information to break up messages into pieces, each of which is numerically encoded in an agreed-on format to lie in the modulus range. The sender then takes each piece of the message as a numeric value and raises it to the public exponent, with the result calculated as modulo n. The result of encoding each piece is an encrypted value.

[0005] The above-described “power-mod” process is generally fast for small powers, so public exponents tend to be relatively small compared to n. The sender then packs all the values in an agreed-on format to form the encrypted message. The recipient takes the message and breaks it up into the same sets of encrypted values modulo n. For each value, the recipient raises the encrypted message to their private exponent modulo n. This results in using the power-mod function again. Each resulting value is then unpacked to reclaim the original encrypted message.

[0006] To ensure security, n must be chosen so that factorization into its prime factors is not feasible using the fastest known algorithms. If n's factors can be found, then the private exponent can be easily calculated. Unfortunately, in terms of performance, the private exponent is generally a large number less than the modulus n, and the power-mod function is relatively slow for large n when compared with multiplication.

[0007] For a secure 1024-bit modulus n, a typical 1 GHz processor can encrypt data using the RSA algorithm with a secure public exponent of 2¹⁶+1 at a rate of around 125,000 bits per second. Decryption is around 50 times slower at about 2,500 bits per second. This decryption performance may be adequate for non-real time systems, particularly if a public key is used to encrypt a secret symmetric-key and send it to the recipient first. All subsequent information then can be encrypted using the symmetric-key, which improves performance, as symmetric-key algorithms are generally much faster.

[0008] In her book, “In Code: A Mathematical Journey” (ISBN 0-7611-2384-9), Sarah Flannery describes what she calls the “Cayley Purser” public key algorithm in Appendix A, which requires finding matrices A and C in GL(2, Z_(n)) that are not multiplicatively commutative, i.e.:

AC≢CA

[0009] The algorithm then requires generating matrix B using:

B=(C ⁻¹ A ⁻¹ C)mod n  (A1)

[0010] The algorithm further requires generating the matrix G using:

G=(C^(k))

[0011] Where k is a chosen integer greater than 1 or less than −1 so that matrix C cannot be trivially found from matrix G. The C matrix is the private key. {A, B, G, n} form the public key. The matrix rank is assumed to be 2. In the Postscript of Appendix A [see [6.3], pages 290-292], Flannery describes a security flaw in her algorithm because when calculating matrix B above, the matrices to the left and right of matrix A in equation (A1) are relatively inverse to each other, so that any linear multiple of C (modulo n) is also a solution to equation (A1).

[0012] In many network applications, client-server models of computer interactions over networks use context-less servers, where the server knows nothing about the client, so all context-specific information is kept on client systems. Cookies are an example of client context information, which are kept on client systems instead of web servers.

[0013] The original IP (Internet Protocol) packet transmission protocol is a session-less packet transmission protocol used widely on the Internet. Any concept of communications sessions is kept at a higher level, for example, in applications such as TCP (Transmission Control Protocol). The secure version of IP, called IPSec, is an extremely complex protocol, designed for all applications requiring use of IP. It is therefore used in a session-less manner, i.e., it is not informed when communication sessions begin and end. To minimize the slowness of public key systems, IPSec frequently uses secret (symmetric) key encryption and decryption, where the same key is used to both encrypt and decrypt a message. This in turn requires a secret key exchange, followed by keeping secret keys at both ends of the secure communications path for a period of time that is invisible at the application layer. This secret key persistence is termed a SA (Security Association). SAs are not instantiated at the application level, but must occur and be maintained by IPSec itself, while IPSec is being used in a session-less manner by applications. This makes maintenance of a security state on a multi-client system such as a web server a very complex task, requiring expiring and overlapping SAs, and increased use of processor and memory resources.

[0014] To provide context-less servers with public-key encryption, it is desirable not to keep client-specific private symmetric-keys on the server. In this case, the slow decryption rate of public keys can be a problem, even when they are used only to exchange a secret key. Further, the processing requirements for performing simultaneous encryption and decryption should be reduced, allowing for use in low-power applications, such as cell phones, or web-based radio communication systems, such as Bluetooth and wireless LAN.

[0015] Thus, there is a need for a public key system that can perform both encryption and decryption with relatively fewer calculations, which can result in a higher encryption/decryption throughput, and/or lower power consumption.

SUMMARY OF THE INVENTION

[0016] The present invention provides techniques for secure data transmission using a public key system. In one aspect, the invention provides methods for providing a secure data transmission using a public key system. In one embodiment of the methods, a first entity desiring to receive one or more messages securely creates a public key. This is accomplished by selecting two large prime numbers p and q and calculating a modulus n=pq. Two random matrices A and C in GL(2, Z_(n)) are then generated such that AC does not equal CA. Using the generated matrices A and C, another matrix B is then generated such that B=CAC. Using matrix C, yet another matrix G is then generated that is multiplicatively commutative with C. Matrix C is then kept as the private key. Matrices A, B, and G and modulus n are then published as the public key. This published public key, including matrices A, B, and G and modulus n, is then obtained by a second entity that desires to send one or more messages securely to the first entity. The second entity then calculates a first random secret matrix D that commutes with obtained matrix G, i.e. DG=GD. The second entity then calculates a second secret matrix K and a message matrix E using the obtained matrices A, B, and G. The one or more messages to be sent are then encrypted using a pre-determined symmetric-key encryption technique. Predetermined symmetric-key encryption techniques use the calculated second secret matrix K as the secret key to encrypt the one or more messages. The encrypted one or more messages, along with the generated message matrix E, is then sent to the first entity. The secret matrix K is then retrieved by the first entity, using the received message matrix E and the kept private key C, as this entity is the only one that knows the value of the private key matrix C. Using the retrieved secret matrix K, the first entity then decrypts the encrypted message using a pre-determined symmetric-key algorithm to obtain the transmitted data.

[0017] Another aspect of the present invention is a computer-readable medium having computer-executable instructions, for secure data transmission using a public key system. In one aspect, the invention provides methods for providing secure data transmission using a public key system. According to the method, a first entity desiring to receive one or more messages securely creates a public key. This is accomplished by selecting two large prime numbers p and q and calculating a modulus n=pq. Two random matrices A and C in GL(2, Z_(n)) are then generated such that AC does not equal CA. Using the generated matrices A and C, another matrix B is then generated such that B=CAC. Using matrix C, yet another matrix G is then generated that is multiplicatively commutative with C. Matrix C is then kept as the private key. Matrices A, B, and G and modulus n are then published as the public key. This published public key, including matrices A, B, and G and modulus n, is then obtained by a second entity that desires to send one or more messages securely to the first entity. The second entity then calculates a first secret matrix D that commutes with obtained matrix G, i.e. DG=GD. The second entity then calculates a second secret matrix K and a message matrix E using the obtained matrices A, B, and G. The one or more messages to be sent are then encrypted using a pre-determined symmetric-key encryption technique. Predetermined symmetric-key encryption techniques use the calculated second secret matrix K as the secret key to encrypt the one or more messages. The encrypted one or more messages along with the generated message matrix E is then sent to the first entity. The secret matrix K is then retrieved by the first entity, using the received message matrix E and the kept private key C, as this entity is the only one that knows the value of the private key matrix C. Using the retrieved secret matrix K, the first entity then decrypts the encrypted message using a pre-determined symmetric-key algorithm to obtain the transmitted data.

[0018] Another aspect of the present invention is a computer system for secure message transmission. The computer system comprises a processor, an output device, and a storage device to store instructions that are executable by the processor to perform a method. According to the method, a first entity desiring to receive one or more messages securely creates a public key. This is accomplished by selecting two large prime numbers p and q and calculating a modulus n=pq. Two random matrices A and C in GL(2, Z_(n)) are then generated such that AC does not equal CA. Using the generated matrices A and C, another matrix B is then generated such that B=CAC. Using matrix C, yet another matrix G is then generated that is multiplicatively commutative with C. Matrix C is then kept as the private key. Matrices A, B, and G and modulus n are then published as the public key. This published public key, including matrices A, B, and G and modulus n, is then obtained by a second entity that desires to send one or more messages securely to the first entity. The second entity then calculates a first secret matrix D that commutes with obtained matrix G, i.e. DG=GD. The second entity then calculates a second secret matrix K and a message matrix E using the obtained matrices A, B, and G. The one or more messages to be sent are then encrypted using a pre-determined symmetric-key encryption technique. Predetermined symmetric-key encryption techniques use the calculated second secret matrix K as the secret key to encrypt the one or more messages. The encrypted one or more messages along with the generated message matrix E is then sent to the first entity. The secret matrix K is then retrieved by the first entity, using the received message matrix E and the kept private key C, as this entity is the only one that knows the value of the private key matrix C. Using the retrieved secret matrix K, the first entity then decrypts the encrypted message using a pre-determined symmetric-key algorithm to obtain the transmitted data.

[0019] In yet another aspect, the invention provides a cryptographic communication system. In one embodiment, the system includes a receiver computing platform to generate the public key including matrices A, B, C, and G, and modulus n. In this embodiment, the receiver computing platform desiring to receive messages selects two large prime numbers p and q and calculates a modulus n=pq. The receiver computing platform then generates two random matrices A and C in GL(2, Z_(n)) such that AC does not equal CA. Using the generated matrices A and C, the receiver computing platform generates another matrix B such that B=CAC. Using matrix C, yet another matrix G is then generated that is multiplicatively commutative with C. Matrix C is then kept as the private key by the receiver computing platform. Matrices A, B, and G and modulus n are then published as the public key by the receiver computing platform. A sender desiring to send messages securely to the receiver computing platform then obtains the published public key, including matrices A, B, and G and modulus n. The sender then calculates a first secret matrix D that commutes with obtained matrix G, i.e. DG=GD. The sender then calculates a second secret matrix K and a message matrix E using the obtained matrices A, B, and G. The messages to be sent are then encrypted using a pre-determined symmetric-key encryption technique. Predetermined symmetric-key encryption techniques use the calculated second secret matrix K as the secret key to encrypt the one or more messages. The encrypted one or more messages, along with the generated message matrix E, is then sent to the receiver computing platform. The secret matrix K is then retrieved by the receiver computing platform, using the received message matrix E and the kept private key C, as this receiver computing platform is the only one that knows the value of the private key matrix C. Using the retrieved secret matrix K, the receiver computing platform then decrypts the encrypted message using a pre-determined symmetric-key algorithm to obtain the transmitted data by the sender.

[0020] Additional advantages and features of the present invention will be more apparent from the detailed description and accompanying drawings, which illustrate preferred embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

[0021] FIG. 1 is a flowchart illustrating one embodiment of generating and publishing a public key for secure data transmission according to the claimed subject matter.

[0022] FIG. 2 is a flowchart illustrating one embodiment of encrypting data to be transmitted using the published public key shown in FIG. 1 according to the claimed subject matter.

[0023] FIG. 3 is a flowchart illustrating one embodiment of decrypting the transmitted encrypted data shown in FIG. 2 according to the claimed subject matter.

[0024] FIG. 4 is an illustration including a vector diagram of one embodiment of an exchange of secret matrix K between a sender and a receiver according to the claimed subject matter.

[0025] FIG. 5 is a schematic diagram illustrating an example embodiment of a secure data transmission system according to the claimed subject matter.

[0026] FIG. 6 is a block diagram of an exemplary computer system implementing embodiments of the present invention, such as those shown in FIGS. 1-5.

DETAILED DESCRIPTION OF THE INVENTION

[0027] In the following detailed description, reference is made to various specific embodiments in which the invention may be practiced. These embodiments are described with sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be employed, and that structural, logical, electrical, and process changes may be made without departing from the teachings of the invention.

[0028] In the foregoing description of the preferred embodiments, various features of the invention are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. Thus, the following claims are hereby incorporated into the description of the preferred embodiments, with each claim standing on its own as a separate preferred embodiment of the invention.

Basic Terms and Notations

[0029] Lower case characters in the following description represent integers. Upper case characters represent matrices. { } denotes a comma-separated set of values. Square matrices form rings under addition and multiplication because they have the following properties:

(A + B) + C = A + (B + C) ; associative under addition

A + B = B + A ; commutative under addition

A + 0 = A ; the 0 matrix (with rank matching A) forms the additive identity

A + (−A) = 0 ; the additive inverse of A is −A. They sum to the 0 matrix

A(BC) = (AB)C ; associative property

AI = IA = A ; a (multiplicative) identity matrix I exists which commutes with all A

A(B + C) = AB + AC ; right distributive

(A + B)C = AC + BC ; left distributive

[0030] Matrices form a group under multiplication when, in addition to the properties of rings above, the following is also true:

AA ⁻¹ =A ⁻¹ A=I

[0031] In other words, for every member of the group A, a unique (multiplicative) inverse matrix exists. Matrices of rank r with integer elements (i.e. elements in Z) are referred to as Mat(r,Z). Matrices with elements in Z, modulo n, are referred to as Mat(r,Z_(n)). Square matrices of rank r with elements in Z modulo n, and for which an inverse matrix exists, are said to belong to the General Linear group GL(r,Z_(n)).

[0032] The (multiplicative) inverse k⁻¹ of an integer k is calculated, modulo n, (note: the term “reciprocal” is otherwise used when not working in the ring of integers modulo n), such that:

kk ⁻¹≡1(mod n)

[0033] The value k⁻¹ is an integer, and it exists and can be found as long as GCD(n,k)=1, where the well-known GCD( ) function finds the Greatest Common Divisor of {n,k}. The inverse of k therefore depends on n, very different from the reciprocal of k. The well-known Extended GCD( ) algorithm is used to actually find multiplicative inverses. If the extended GCD(n,k) returns a value not equal to 1 (an extremely unlikely chance for large n), then the value is a factor of n. The Extended GCD function is also used in matrix inversion, where all elements in the inverse matrix require multiplication by the multiplicative inverse of the determinant of the input matrix, modulo n.

[0034] The present invention provides techniques for secure data transmission using a public key system. An embodiment of a method of the present invention is described using FIGS. 1-3. The flowcharts illustrated in FIGS. 1-3 include operations, which are arranged serially in the exemplary embodiment. Many operations in the flowcharts show calculations of results that depend on other previous results. Any re-ordering of these calculations in an embodiment which maintains these dependencies must be viewed as falling under the scope of this invention. However, other embodiments of the invention may execute two or more operations in parallel using multiple processors or a single processor organized as two or more virtual machines or sub-processors. Moreover, still other embodiments may implement the operations as two or more specific interconnected hardware modules with related control and data signals communicated between and through the modules, or as portions of an application-specific integrated circuit. Thus, the exemplary process flow is applicable to software, firmware, and hardware implementations.

[0035] FIG. 1 is a flowchart illustrating one example embodiment of a process 100 of generating and publishing a public key for secure data transmission according to the present invention.

[0036] The process begins with operation 110 by finding two unique random secret prime numbers p and q. Operation 120 includes generating an integer modulus n using prime numbers p and q. The modulus n is computed according to the equation:

n=p*q  (1)

[0037] Generally, large prime numbers are chosen for p and q to prevent easy factorization of n to obtain the set of factors {p,q}. Note: if {p,q} are revealed to an attacker, then the roots of integers in Z_(n) can be found rapidly, and at that point the public key is insecure. In these embodiments, the chosen prime numbers may be discarded after computing modulus n, or they can be kept to speed up message decryption using the well-known Chinese Remainder Algorithm.

[0038] All matrices described in the present invention belong to the closed Linear Group of matrices GL(r,Z_(n)), unless otherwise stated.

[0039] Operation 130 includes generating two matrices {A, C} in GL(r,Z_(n)), such that:

AC≠CA  (2)

[0040] i.e. matrices {A, C} are a pair of matrices that are not multiplicatively commutative modulo n. Note that some randomly chosen pairs of matrices are commutative, but this is statistically very unlikely for large n. For example, a matrix commutes with itself, and therefore with any matrix which is a power of itself. Non-commutative behavior is different than integer multiplication. In the latter case, the order of multiplication makes no difference to the product obtained. Here, r is the rank of the matrices and Z_(n) denotes elements in the integers modulo n.

[0041] To ensure that matrices {A, C} are both in GL(r,Z_(n)), both matrix determinants should be tested for relative primeness to n (determined using a GCD algorithm). Note that 0 is divisible by n, so GCD(0,n)=n and therefore 0 is not relatively prime to n. The chance of finding either i) commutative behavior or ii) common prime factors with n is extremely low for a large n, so checking for these properties may be omitted. However, applying the checks allows algorithm implementations to be reliably tested for a small n. Smaller rank matrices are preferable (particularly r=2) because encryption and decryption are faster. Higher rank matrices can be used (i.e., r>2), but they result in more computation, larger minimum message sizes, and generally no significant improvement in security because, as is seen later, the best way of breaking this type of encryption is to factorize n.

[0042] Operation 140 includes generating a matrix B in the group using the equation:

B=CAC  (3)

[0043] Wherein {A, C} are matrices found in operation 130.

[0044] Operation 150 includes generating a matrix G that is multiplicatively commutative to C, modulo n, i.e. CG=GC. One embodiment of doing this uses the fact that powers of a matrix commute, so that:

G=C ^(k)  (4)

[0045] where k is an integer. To be provably secure, k must be even, and preferably small (e.g., k=2) for faster key generation. If r=2, then k cannot be an odd number that is small or guessable. In all cases, k cannot belong to the set {−1, 0, 1}.

[0046] In another embodiment, G is generated using a linear combination of powers of C up to r−1 using:

$G = \sum_{i=0}^{r-1} u_{i} C^{i}$  (5)

[0047] where each of the r values of u_(i) is a randomly generated value in Z_(n), preferably with at least one u_(i)≠0 for i>0 so that G does not commute with A. From (5), the number of combinations of u_(i) values gives the number of possible G matrices from a given C as n^(r). Generating truly random values in the inclusive range 0 to n−1 is possible (at a fairly slow rate) on a computer, but hardware based random number generators can give much better number generating rates. As random number generation is also needed for message encryption, this may be a good alternative method. The generation of random numbers can be a significant overhead for short messages, so hardware based random number generators may be used to economically generate random sets of values of u and v in equations (5) or sets of v in equation (6).

[0048] Operations 160 and 170 include keeping matrix C as the private key, and forming {A,B,G,n,r} as the public key, respectively. In a standardized algorithm, a known value of r (e.g., r=2) may be assumed, so r may not need to be in the public key. Operation 180 includes publishing the formed public key {A,B,G,n,r} for encrypting messages to be transmitted.

[0049] FIG. 2 is a flowchart illustrating one embodiment of a process 200 of encrypting data to be transmitted using the published public key shown in FIG. 1 according to the present invention.

[0050] The process begins with operation 210 by obtaining the published key A, B, G, and n, and matrix rank r for encrypting a message to be transmitted. Operation 220 includes generating a first random secret matrix D that is commutative with the obtained matrix G. In some embodiments, the first random secret matrix D is generated using the equation:

$D = \sum_{i=0}^{r-1} v_{i} G^{i}$  (6)

[0051] where G⁰=I, the identity matrix with the same rank as G, and v_(i) form a set of r secret and independently random integers modulo n, and at least one v_(i)≠0 for i>0 so that D does not commute with A.

[0052] Operation 230 includes generating a second secret key matrix K using the generated matrices B and D (later we shall see that K is able to be found easily by the receiver, but not by an eavesdropper). The second secret key matrix is computed according to the equation:

K=DBD  (7)

[0053] Operation 240 includes generating a message matrix E using the received public key matrix A, and the generated matrix D. The message matrix E is generated according to the equation:

E=DAD  (8)

[0054] Operation 250 includes encrypting a message to be transmitted by applying all or part of K from (7) as an encryption key in a symmetric-key encryption system. A symmetric-key encryption algorithm uses the same key to encrypt and decrypt a message, so if the message recipient can re-obtain K, then decryption is also possible. Examples of symmetric key ciphers include DES (Data Encryption Standard), IDEA (International Data Encryption Algorithm), FEAL (Fast Data Encipherment Algorithm), RC5, etc.

[0055] In one embodiment, a symmetric-key encryption algorithm includes partitioning and packaging an obtained message into a sequence of unencrypted matrices U_(i). Then each of the unencrypted matrices is encrypted to form a series of corresponding encrypted matrices such that U_(i)′=KU_(i)K.

[0056] Operation 260 includes transmitting the generated message matrix E along with the encrypted message. The one or more encrypted matrices must be transmitted in a known index order.

[0057] FIG. 3 is a flowchart illustrating one embodiment of a process 300 of decrypting the transmitted encrypted message shown in FIG. 2 according to the present invention.

[0058] The process begins with operation 310 by receiving the transmitted message matrix E along with the encrypted message. In some embodiments, operation 310 includes receiving the sequence of encrypted matrices U_(i)′ obtained by using the symmetric-key encryption algorithm.

[0059] Operation 320 includes retrieving the second secret matrix K using the received message matrix E and the kept private key matrix C. The second secret matrix K is calculated according to the equation:

K=CEC  (9)

[0060] Operation 330 includes decrypting the received encrypted message using the retrieved second secret matrix K. In some embodiments, the received encrypted message is decrypted by applying all or part of K from (9) as a decryption key in a symmetric-key encryption system. Symmetric-key encryption uses the same key to encrypt and decrypt a message, so if the message recipient can re-obtain K, then decryption is also possible. In some embodiments, the received encrypted message is decrypted by obtaining a matrix Q that is the multiplicative inverse of the retrieved second secret matrix K using Q=K⁻¹. Obtained matrix Q is then used to decrypt each of the obtained encrypted matrices U_(i)′ to retrieve the corresponding decrypted matrices U_(i) by using Q U_(i)′Q. Decrypted matrices U_(i) are then unpacked and concatenated to obtain the transmitted message.

Proof that K Can be Found by the Receiver

[0061] By using (8) to eliminate E in (9), we get:

K=CDADC  (10)

[0062] From (4) or (5), C and G are multiplicatively commutative, and from (6), G commutes with D. Therefore C commutes with D, so that (10) can be rewritten as:

K=DCACD  (11)

[0063] From (3), we replace CAC with B to obtain:

K=DBD  (12)

[0064] which agrees with (7), proving that (9) correctly obtains K at the receiver.
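The key generation, sender and receiver steps of processes 100, 200 and 300, together with the identity K=CEC=DBD proved above, as an added Python example for rank r=2 (not code from the patent). The toy primes 10007 and 10009, the one-byte-per-element packing with a count-valued pad, and all function names are assumptions made for illustration; G uses equation (4) with k=2 and D uses equation (6).

```python
import math
import secrets

def mat_mul(X, Y, n):
    """Product of two 2x2 matrices modulo n."""
    return [[sum(X[i][k] * Y[k][j] for k in range(2)) % n for j in range(2)]
            for i in range(2)]

def mat_mul3(X, Y, Z, n):
    return mat_mul(mat_mul(X, Y, n), Z, n)

def det(X, n):
    return (X[0][0] * X[1][1] - X[0][1] * X[1][0]) % n

def in_gl(X, n):
    """[0041]: X is in GL(2, Z_n) only if GCD(det X, n) == 1."""
    return math.gcd(det(X, n), n) == 1

def mat_inv(X, n):
    """[0033]: adjugate times the modular inverse of the determinant."""
    d_inv = pow(det(X, n), -1, n)
    return [[X[1][1] * d_inv % n, -X[0][1] * d_inv % n],
            [-X[1][0] * d_inv % n, X[0][0] * d_inv % n]]

def random_gl(n):
    while True:
        X = [[secrets.randbelow(n) for _ in range(2)] for _ in range(2)]
        if in_gl(X, n):
            return X

def keygen(p, q):
    """Process 100: returns (public key dict, private matrix C)."""
    n = p * q                                    # eq (1)
    while True:
        A, C = random_gl(n), random_gl(n)
        G = mat_mul(C, C, n)                     # eq (4) with k = 2
        # eq (2), plus the requirement that G does not commute with A
        if (mat_mul(A, C, n) != mat_mul(C, A, n)
                and mat_mul(A, G, n) != mat_mul(G, A, n)):
            break
    B = mat_mul3(C, A, C, n)                     # eq (3)
    return {"A": A, "B": B, "G": G, "n": n}, C

def sender_keys(pub):
    """Operations 220-240: returns (secret K, message matrix E)."""
    n, G = pub["n"], pub["G"]
    while True:
        v0 = secrets.randbelow(n)
        v1 = 1 + secrets.randbelow(n - 1)        # v1 != 0
        # eq (6) for r = 2: D = v0*I + v1*G, so D commutes with G
        D = [[(v0 * (i == j) + v1 * G[i][j]) % n for j in range(2)]
             for i in range(2)]
        if in_gl(D, n):                          # keeps K invertible
            break
    K = mat_mul3(D, pub["B"], D, n)              # eq (7)
    E = mat_mul3(D, pub["A"], D, n)              # eq (8)
    return K, E

def pack(message):
    """Assumed packing: 4 bytes per matrix, pad byte value = pad length."""
    pad = 4 - len(message) % 4
    data = message + bytes([pad]) * pad
    return [[[data[i], data[i + 1]], [data[i + 2], data[i + 3]]]
            for i in range(0, len(data), 4)]

def unpack(blocks):
    data = bytes(x for U in blocks for row in U for x in row)
    return data[:-data[-1]]

def encrypt_blocks(K, message, n):
    """[0055]: U_i' = K U_i K for each packed matrix U_i."""
    return [mat_mul3(K, U, K, n) for U in pack(message)]

def recover_key(C, E, n):
    """Operation 320: K = C E C, eq (9)."""
    return mat_mul3(C, E, C, n)

def decrypt_blocks(K, blocks, n):
    """[0060]: U_i = Q U_i' Q with Q = K^-1."""
    Q = mat_inv(K, n)
    return unpack([mat_mul3(Q, Uc, Q, n) for Uc in blocks])

def demo(message=b"matrix key exchange"):
    pub, C = keygen(10007, 10009)                # toy primes, constructed
    K_sender, E = sender_keys(pub)
    blocks = encrypt_blocks(K_sender, message, pub["n"])
    K_receiver = recover_key(C, E, pub["n"])
    return K_sender == K_receiver, decrypt_blocks(K_receiver, blocks, pub["n"])

if __name__ == "__main__":
    print(demo())
```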

Proof of Security of the Public Key

[0065] The reason the modulus n is a product of two unknown primes is because it can be made extremely difficult to find its prime factors for a sufficiently large n, because it is well known that finding factors of n is equivalent to finding roots modulo n. From (4), C may be found from G if k is known or small. Therefore, the method cannot use a prime number for n, as n is then its own prime factorization. The method could use values of n with more than two prime factors, but for a given size of n, such values are easier to factorize. Larger values of n require more accurate and slower computations. Therefore, for a given computational effort, the best security is obtained when two large random primes are used, with roughly comparable sizes. This type of modulus n is also the approach used in the RSA public key modulus, and some other public key methods such as Rabin's scheme. As will be seen later, the proof of security of the new public key algorithm also relies on the computational difficulty of finding square roots modulo n.

[0066] The Cayley Hamilton Theorem

[0067] Let A be an r×r matrix in Mat(r,Z), and p(x) be its characteristic polynomial. Then the Cayley Hamilton theorem states that p(A)=0. The characteristic polynomial in x of a matrix A is given by:

p(x)=Determinant(A−xI)  (14)

[0068] where I is the identity matrix with the same rank as A (i.e., I=A⁰).

[0069] Finding the Smallest Sets of Mutually Commutative Matrices

[0070] If a_(ij) represents the elements of a matrix A at row i, column j, then for a rank r=2 matrix, the characteristic polynomial p(x) is:

$\operatorname{Determinant}\begin{bmatrix} a_{00}-x & a_{01} \\ a_{10} & a_{11}-x \end{bmatrix} = (a_{00}-x)(a_{11}-x) - a_{01}a_{10}$  (15)

[0071] Collecting terms in x on the right, we obtain the characteristic polynomial as:

p(x)=x² −x(a₀₀+a₁₁)+(a₀₀a₁₁−a₀₁a₁₀)  (16)

[0072] Substituting A for x (according to the Cayley-Hamilton theorem) and setting the result equal to 0 gives:

p(A)=A² −A(a ₀₀ +a ₁₁)+(a ₀₀a₁₁ −a ₀₁ a ₁₀)I=0  (17)

[0073] This result implies that A² can be expressed in the form:

A ² =k ₁ A+k ₂ I  (18)

[0074] i.e. the square of matrix A can be expressed as a linear sum of A and the identity matrix. This also implies that:

A ³ =AA ² =A(k ₁ A+k ₂ I)=k₁ A ² +k ₂ A  (19)

[0075] The A² term in the right expression can be eliminated using (18) to give:

A³=k₁(k₁A+k₂I)+k₂A=(k₁²+k₂)A+k₁k₂I  (20)

[0076] Continuing this procedure, it can be seen that any power of A can be decomposed into a linear sum of A and I. Similar results can be obtained for higher rank matrices, where a matrix A of rank r has a characteristic polynomial up to degree x^(r) which can be decomposed into a linear sum of all powers of A from 0 to r−1, e.g., a rank matrix of any power can be decomposed into a linear sum of its powers from 0 (the identity matrix) to 4. Therefore, for any A of rank r, and integer power m:

$A^{m} = \sum_{i=0}^{r-1} u_{i}A^{i}$  (21)

[0077] for some set of r values of u_(i). This result shows the equivalence between (4) and (5). Any equality in Mat(r, Z) is also true in GL(r, Z_(n)), so if B is a matrix in GL(r, Z_(n)), then the following must be true:

$B^{m} = \sum_{i=0}^{r-1} u_{i}B^{i}$  (22)

[0078] This result also shows that any polynomial in B can be decomposed into this form of sum. All combinations of r values of u_(i) modulo n will then generate all the members of the commutative set. The number of set members is given by:

members(n, r)=n ^(r)  (23)

[0079] members of the commutative set (but not all members of the commutative set in some cases, as discussed later). This result agrees with the number of matrices G that can be generated from all possible combinations of u_(i) and a given C in (5). This result is the minimum commutative set size, and it is the guaranteed minimum number of matrices to search for secret matrix C (knowing G—another member of the same commutative set) by brute force, should this approach be taken to break the public key. This is actually a far greater search space than a brute force search for prime factors of n, and is not a feasible approach to breaking the public key.

[0080] Each set contains all possible multiples of the identity matrix, modulo n, so the number of matrices that do not commute with any others outside of the set is:

ExclusiveMembers(n,r)=n ^(r) −n  (24)

[0081] For an r×r matrix with elements modulo n, the total number of possible matrices is:

matrices(n,r)=n^(r×r)  (25)

[0082] If the characteristic polynomial of the matrix A is factorizable, then it can be expressed as a product of a set of lower order polynomials in x. If some product of a subset of these polynomials is zero, then we have a reduced degree polynomial in A (compared with (21)) that is equal to zero, and the reduced polynomial is no longer uniquely characterized by the matrix A.

[0083] For example, a rank r=3 matrix A will have a cubic characteristic polynomial with polynomial terms in x. If that polynomial is factorizable, then it is possible for two of these roots to multiply to zero in the group when A is substituted for x. The existence of reduced degree polynomials is only possible because of modulus n when working in GL(r, Z_(n)). This matrix A then has a reduced degree polynomial factor.

[0084] It is therefore possible for other matrices to have a factorizable characteristic polynomial that shares this same reduced degree polynomial, so the members of these sets will also commute with the set associated with matrix A. This proves the existence of larger commutative sets than defined in (23) when r>2. However, it is easy to show that upper triangular or lower triangular matrices do not commute for any GL(r, Z_(n)), so we know that we cannot choose a group where all matrices commute. In fact, it can be shown that a minimum bound on the number of non-commutative sets is:

n ^(2(r−1))  (26)

[0085] For proof of security of the public key, it is sufficient to show that there is a minimum number of members in each commutative set (making searches based on a known member of the set impossibly difficult), and that more than one set exists, allowing large combinations of pairs of non-commutative matrices A and C to exist in (2).

[0086] Given the large number of non-commutative sets, it is also very easy to randomly generate suitable pairs of matrices {A,C} in GL(r,Z_(n)) needed in (2)—in fact, the chance that A and C belong to the same commutative set is, from (26), 1 in n^(2(r−1)) or less, although this is only relevant when considering the speed of generating public keys, and is not relevant to public key security.

[0087] It is well known that finding the kth roots of G modulo n from (4) alone is equivalent to factorizing n, which is assumed to be impossibly difficult for large enough n, even in the simplest non-trivial case when k=2.

[0088] A more effective approach to breaking a key attempts to utilize all known information about the public key, although in the process of using this information, it is then shown that within certain constraints, the key can be proven to be secure. The following equations apply to any k in (4) with rank r=2 matrices, and we later see that use of either small odd k or known odd k is insecure. First we define a known M from the known matrices B and G in the public key:

M=BGB ⁻¹  (27)

[0089] From (3), B contains matrix A as a factor, and from (4), G commutes with C, so from (2) BG≠GB and therefore M≠G. Next we eliminate B from (27) using (3) to get:

M=(CAC)G(CAC)⁻¹  (28)

[0090] From (4), C and G must commute, so we swap the G with a neighboring C, and expand out the inverse matrices to get:

M=CAGCC ⁻¹ A ⁻¹ C ⁻¹ =CAGA ⁻¹ C ⁻¹  (29)

[0091] As C commutes with G and not matrix A, then G does not commute with matrix A. The known matrix N is defined from known public key matrices {A, G} as:

N=AGA⁻¹  (30)

[0092] As GA≠AG then N≠G. From (29) and (30), we get:

M=CNC ⁻¹  (31)

[0093] N contains matrix A as a factor, so CN≠NC and therefore M≠N. The form of (31) is similar to the CP algorithm public key with the security flaw. The following attack on the new algorithm is based on this transformation, but unlike the CP algorithm, we later find that the attack applies only for odd, guessable values of k.

[0094] The form of (31) allows us to find a linear multiple of C, i.e. uC, but neither of {u, C} are known. However, unlike the CP algorithm, only when u²=1 mod n will the congruence (3) be satisfied, as the values of u do not cancel. This is the principal reason for the security of the new algorithm for rank r=2 matrices.

[0095] From (4), G is a power of C, so the result (22) obtained from the Cayley-Hamilton theorem allows the definition of G for matrices with rank r=2 to be expressed as a linear combination of the identity matrix (with matching rank r=2) and C as:

G=u ₀ I+u ₁ C  (32)

[0096] This relationship is implicit using (4) or explicit using (5) in the public key generating algorithm, but method (5) generates the equivalent of raising C to a large, unknown power, k, so it is secure. However, it requires generating truly random numbers, so it is worth proving the security of (4). We now see how it may be possible to find C for rank r=2 matrices under certain circumstances. Note that from (5), higher rank matrices have too many unknowns in u_(i), so they are not vulnerable to this attack. However, higher rank matrices are computationally more expensive, so the r=2 case is the most useful to characterize. From (32), a linear multiple of C can be obtained in terms of unknown v_(i) values as:

v ₁ C=G+v ₀ I  (33)

[0097] From (31), multiply both sides by C on the right:

MC=CN  (34)

[0098] Scaling both sides by v₁:

Mv₁C=v₁CN  (35)

[0099] and substituting for v₁ C from (33), we get:

M(G+v ₀ I)=(G+v ₀ I)N  (36)

[0100] Collecting terms with v₀I on the left, and others on the right ({v₀, I} both commute with everything), we get:

v ₀ I(M−N)=GN−MG  (37)

[0101] so that

v ₀ I=(GN−MG)(M−N)⁻¹  (38)

[0102] We know that M≠N from (31), so either matrix inversion is possible, or else n is factorized. From (33), and using (38) to eliminate v₀I, we get:

v ₁ C=G+(GN−MG)(M−N)⁻¹  (39)

[0103] The right side of (39) consists entirely of known matrices, and therefore the product v₁C can be found. Multiplying with v₁ is commutative, so the identity

v ₁ ² CACB ⁻¹=(v ₁ C)A(v ₁ C)B ⁻¹  (40)

[0104] is true, which simplifies on the left using (3), so we can find v₁² as:

v ₁ ² I=(v ₁ C)A(v ₁ C)B ⁻¹  (41)

[0105] From (39), we know v₁C, and we know {A,B} from the public key, so the factor v₁² can be found. To break the key using (41), a square-root of v₁² modulo n has to be found in order to find v₁, and then find C from the known v₁C. Obtaining such a square root is known to be equivalent to factorizing n. Therefore, results (39) and (41) cannot be used as a basis for an attack on their own.

[0106] Now we make use of the relationship between C and G in (4):

(v ₁ C)^(k) =v ₁ ^(k) C ^(k) =v ₁ ^(k) G  (42)

[0107] so we can find:

v₁^(k) I=(v₁C)^(k) G⁻¹  (43)

[0108] as v₁C is known from (39), and G is known from the public key.

[0109] From (41), we know v₁², so if k is a finite unknown odd integer, then a search by repeated division of v₁² into v₁^(k) from (43) will eventually yield a remaining factor v₁. The value can be rapidly verified as correct for each search step by squaring the obtained value and comparing with v₁² in (41). If k is a known odd integer, then the number of times v₁² divides into v₁^(k−1) can be immediately found as (k−1)/2. Then v₁^(k−1) can be found easily using a power-mod function based on successive squarings of v₁. The multiplicative inverse of v₁^(k−1) is then obtained (modulo n) and multiplied by v₁^(k) from (43) to obtain v₁. Once v₁ is found, then C can be found from (39), and the public key is broken. If k is a large, unknown odd integer modulo n, then the key is secure against this particular attack, but its security has not been proved.

[0110] In the Cayley-Purser public key algorithm, generating the public key by calculating C to the power k modulo n in (4) is a relatively slow operation, particularly compared to multiplication for large k, so for efficient implementations with rank 2 matrices, k should be relatively small. For the public key to be secure in this case, k must be an even, non-zero integer. k=2 is the fastest value for calculating (4) that is also secure from this attack. For higher rank matrices, the attack does not apply, but the same value of k=2 also works well.
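The following Python sketch is an added example, not part of the patent text. With a constructed toy modulus (n = 1009·1013) and rank r=2, it runs the exchange of (3) to (9), checks the agreement K=CEC=DBD proved in (10) to (12), and evaluates (27) to (43) to show why a known odd k exposes C while k=2 yields only v₁². All function names are hypothetical.

```python
import random
from math import gcd

# Constructed toy modulus (assumption): real keys use large secret primes.
N = 1009 * 1013
I2 = ((1, 0), (0, 1))

def mul(X, Y):
    return tuple(tuple(sum(X[i][t] * Y[t][j] for t in range(2)) % N
                       for j in range(2)) for i in range(2))

def add(X, Y):
    return tuple(tuple((x + y) % N for x, y in zip(r, s)) for r, s in zip(X, Y))

def scale(s, X):
    return tuple(tuple(s * x % N for x in row) for row in X)

def det(X):
    return (X[0][0] * X[1][1] - X[0][1] * X[1][0]) % N

def inv(X):
    # pow(..., -1, N) raises ValueError when det(X) shares a factor with N
    return scale(pow(det(X), -1, N), ((X[1][1], -X[0][1]), (-X[1][0], X[0][0])))

def mpow(X, k):
    R = I2
    while k:
        if k & 1:
            R = mul(R, X)
        X, k = mul(X, X), k >> 1
    return R

def rand_gl(rng):
    while True:
        X = tuple(tuple(rng.randrange(N) for _ in range(2)) for _ in range(2))
        if gcd(det(X), N) == 1:
            return X

def keygen(k, rng):
    """Public (A, B, G) with B = CAC (3) and G = C^k (4); private C."""
    while True:
        A, C = rand_gl(rng), rand_gl(rng)
        G = mpow(C, k)
        if mul(A, C) != mul(C, A) and mul(A, G) != mul(G, A):
            return (A, mul(mul(C, A), C), G), C

def sender(pub, rng):
    """Pick D = v0*I + v1*G (commutes with G); return K = DBD (7), E = DAD (8)."""
    A, B, G = pub
    while True:
        D = add(scale(rng.randrange(N), I2), scale(rng.randrange(1, N), G))
        if gcd(det(D), N) == 1:
            return mul(mul(D, B), D), mul(mul(D, A), D)

def public_leak(pub, k):
    """Values computable from the public key alone: v1*C (39), v1^2 (41), v1^k (43)."""
    A, B, G = pub
    M = mul(mul(B, G), inv(B))                       # (27)
    Nn = mul(mul(A, G), inv(A))                      # (30), the page's matrix N
    diff = add(mul(G, Nn), scale(-1, mul(M, G)))     # GN - MG
    v0I = mul(diff, inv(add(M, scale(-1, Nn))))      # (38)
    v1C = add(G, v0I)                                # (39)
    v1sq = mul(mul(mul(v1C, A), v1C), inv(B))[0][0]  # (41)
    v1k = mul(mpow(v1C, k), inv(G))[0][0]            # (43)
    return v1C, v1sq, v1k

def recover_private_odd_k(pub, k):
    """For known odd k: v1 = v1^k / (v1^2)^((k-1)/2), then C = (v1*C) / v1."""
    v1C, v1sq, v1k = public_leak(pub, k)
    v1 = v1k * pow(pow(v1sq, (k - 1) // 2, N), -1, N) % N
    return scale(pow(v1, -1, N), v1C)

def demo(k, seed=2024):
    rng = random.Random(seed)
    while True:
        try:
            pub, C = keygen(k, rng)
            K, E = sender(pub, rng)
            K_rx = mul(mul(C, E), C)                 # receiver: K = CEC (9)
            U = ((72, 105), (33, 7))                 # constructed message block
            Uenc = mul(mul(K, U), K)                 # U' = K U K
            Q = inv(K_rx)
            Udec = mul(mul(Q, Uenc), Q)              # U = Q U' Q
            _, v1sq, v1k = public_leak(pub, k)
            C_found = recover_private_odd_k(pub, k) if k % 2 else None
            return dict(agree=K == K_rx, roundtrip=Udec == U, C=C,
                        C_found=C_found, v1sq=v1sq, v1k=v1k)
        except ValueError:   # a determinant shared a factor with N: draw a new key
            continue

if __name__ == "__main__":
    odd, even = demo(3), demo(2)
    print(odd["C_found"] == odd["C"])     # odd k: private key recovered
    print(even["v1k"] == even["v1sq"])    # k = 2: (43) only repeats (41)
```

With k=2 the value from (43) coincides with v₁² from (41), so recovering v₁ would still require a square root modulo n.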

[0111] Having proven that G can be generated using the CP public key algorithm, it has been shown that the code is not secure for rank 2 matrices and for odd k that is known or guessable. We now prove the public key is secure for known even k. We do this by creating a public key according to (1) . . . (3), and by generating a second public key derived from the first one. We then show that finding C for both keys is equivalent to finding the √d modulo n for a chosen d. In the derived public key, we assume the existence of a new secret matrix C′ that is related to C by:

C′=√d C  (44)

[0112] and that both C′ and √d are unknown. Also, {A,n} are shared between the C and the derived C′ public keys. Substituting C′ for C in (3), we get B′ of the derived key as:

B′=C′AC′  (45)

[0113] and eliminating C′ using (44), and collecting √d terms, we get:

B′=dCAC=dB  (46)

[0114] Note that B′ is calculated from {B,d,n}, and not from √d or C′, which are unknown when the key is generated.

[0115] By also substituting C′ for C in (4), and using the fact that k is even so k/2 is an integer, we get:

G′=(C′ ²)^(k/2)  (47)

[0116] Then we eliminate C′ using (44) to obtain:

G′=(dC ²)^(k/2)  (48)

[0117] By regrouping powers:

G′=d ^(k/2) C ^(k) =d ^(k/2) G  (49)

[0118] Note that G′ is calculated from {G,k,d,n} only (and not from √d and C′ which are unknown).

[0119] The following steps now complete the proof:

[0120] Step (a): A first public key is generated according to (1) . . . (4), and with a large composite n whose factors are unknown, so the public key {A,B,G,n} and the exponent k and private key matrix C are all known.

[0121] Step (b): A second public key (related to the public key generated at Step (a)) is generated. First, a value d is chosen for which the value of √d is unknown modulo n. The new public key consists of {A,B′,G′,n} where B′ is calculated from B using (46), and G′ is calculated from G using (49) and the known k. The values {A,n} are the same as in the key generated in Step (a). Note that neither the matrix C′ nor √d are used in generating either public key.

[0122] Step (c): The matrix C′ is “found” from all available information—{A,B,B′,C,G,G′,d,k,n} using a hypothetical polynomial-time algorithm. Note: if C′ cannot be found from these, then it certainly cannot be found from the derived public key {A,B′,G′,n}, which is a subset of the above set.

[0123] Step (d): The value of √d can now be found from (44) using C generated in Step (a), and C′ found in Step (c) using:

√d I=C′C⁻¹  (50)

[0124] Step (e): The value of √d was not involved in generating B′ or G′, so finding √d modulo n by finding C′ is equivalent to finding √d modulo n for a chosen d. If C′ can be found in polynomial time, then this is computationally equivalent to factorization in polynomial time, which is assumed to be impossible. Therefore, as all other steps are simple to perform, it is not possible to find C′ in Step (c) in polynomial time, and no hypothetical algorithm for rapidly breaking the public key exists.

[0125] QED

[0126] If the new public key could be broken, and factorization of n could be achieved from Step (c), then the technique could be used to break RSA public keys, and Rabin's public key scheme, amongst others.

A Visual Analogy to Obtaining K at the Sender and Receiver

[0127] FIG. 4 is a vector diagram 400 that illustrates an analogy of how secret matrix K is exchanged between a sender and a receiver according to the claimed subject matter. This diagram shows how, starting from the top-left at matrix A, both the sender and receiver can arrive at the same matrix K on the bottom right, by following two different paths around a parallelogram. The lengths and directions of each side of the parallelogram represent operators applied to one matrix to obtain another.

[0128] FIG. 4 shows the C( )C operator as two vectors representing the shorter sides 415 and 435 of the parallelogram, and the D( )D operator as two vectors representing the longer sides 422 and 424. The important thing to notice is that the vectors on opposite sides of the parallelogram are the same direction and length, although their depicted directions and lengths are for illustrative purposes only. In actuality, the operators are multiplicative rather than additive, so FIG. 4 represents a kind of ‘log’ of the operators, allowing vector length addition to be used. Also, the present invention uses matrices in the group GL(r, Z_(n)), which cannot actually be rendered onto a two-dimensional surface.

[0129] FIG. 4 illustrates a far left portion 410, a middle portion 420, and a far right portion 430. The far left portion 410 of the vector diagram 400 illustrates using a vector 415 to represent operator C( )C as a function applied to A to obtain B=C(A)C as in (3). The length and direction of the vector represent the scaling effect of the C( )C operator, and are uniquely determined by secret matrix C.

[0130] The middle portion 420 of the vector diagram 400 assumes the sender has obtained the published public key transmitted by the receiver, and is using it to generate a first random secret matrix D that is commutative with the kept matrix C and generated matrix G. The sender does not know the direction of the operator vector C( )C, but does know the two points in the parallelogram at {A,B} from the published public key. The message sender can then apply the D( )D operator to the matrices {A,B} to obtain E=D(A)D from (8), and K=D(B)D from (7), represented by scaling and rotating vectors 422 and 424 in FIG. 4. Note that the sender obtains K by traversing first the C( )C path from the top left at matrix A to B, and then the D( )D path from B to K. The sender then encrypts messages to be transmitted using the generated second secret matrix K and transmits the encrypted messages along with the message matrix E.

[0131] The far right portion 430 of the vector diagram 400 illustrates the receiver receiving the transmitted encrypted messages along with the message matrix E from the sender. Vector diagram 400 further illustrates using a vector 435 how, from the sender in the middle portion 420, the receiver obtains the message matrix E via the D( )D path across the top of the parallelogram, from the starting point at matrix A. As the receiver is also the public key generator, the C matrix is known. The C( )C operator can then be applied to the E matrix to obtain the final path down to K. The receiver's route to K from A is therefore via the D( )D to E, and then the C( )C operator. This route around the parallelogram is different from the route that the sender took from A to K described earlier. This is equivalent to saying that the C( )C and D( )D operators commute with each other—in other words, they can be applied in either order from A to K. Also note that the receiver manages to obtain K without knowing D, and similarly, the sender gets from A to K without knowing C.

[0132] FIG. 5 illustrates one embodiment of a system 500 used for secure data transmission according to the present invention. FIG. 5 includes an example of a system 500 having a sender 510 coupled to a network 520. In addition, FIG. 5 includes a receiver computing platform 530 coupled to network 520. Further, FIG. 5 includes a receiver 540 coupled to both network 520 and receiver computing platform 530. In some embodiments, sender 510, receiver computing platform 530, and receiver 540 are coupled to network 520 through a transmission medium 550. Sender 510 includes an encoder 515. Receiver computing platform 530 includes memory 532 and a processor 534. Receiver 540 includes a decoder 545. Transmission media 550 may include, for example, fiber optic cable, category 5 (CAT-5) networking cabling, or wireless media such as wireless local area network (LAN).

[0133] In operation, processor 534 generates two matrices A and C of rank r and with each element in the integers modulo n such that AC does not equal CA. In these embodiments, modulo n is obtained as a product of two unique randomly chosen secret prime numbers p and q. Also, in these embodiments, r is the rank of the matrices A and C. Processor 534 then generates matrix B by using the generated matrices A and C such that B=CAC. Processor 534 further generates matrix G such that the generated matrix G is in the same multiplicatively commutative subgroups as matrix C. Processor 534 then publishes the generated matrices A, B, G, and modulo n and matrix rank r as the public key and retains the generated matrix C as the private key. The generation of matrices A, B, C, G, and modulo n and matrix rank r are explained in more detail with reference to FIG. 1. In some embodiments, memory 532 stores the generated public and private keys.

[0134] Encoder 515 desiring to transmit a secure message obtains the published public key including matrices A, B, G, and modulo n and matrix rank r through the network 550 to encrypt the message to be transmitted. Encoder 515 then generates a first random secret matrix D that is multiplicatively commutative with the obtained matrix G. Encoder 515 then generates a second secret matrix K using the generated matrices B and D. Encoder 515 then obtains a message to be transmitted securely and encrypts the obtained message using a symmetric-key algorithm by using the generated secret matrix K as the key. Encoder 515 then transmits the generated message matrix E along with the encrypted message. The generation of first and second secret matrices D and K are explained in more detail with reference to FIG. 2.

[0135] Decoder 545 desiring to receive the encrypted message receives the transmitted message matrix E and the encrypted message through the network 550. Decoder 545 then retrieves the second secret matrix K using the received message matrix E and the privately kept matrix C. Decoder 545 then decrypts the received encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm, to obtain the transmitted message. The process of using symmetric-key encryption and decryption to encrypt and decrypt messages, respectively, is explained in more detail with reference to FIGS. 2 and 3.

[0136] FIG. 6 is a block diagram of a system according to one embodiment of the present invention. Computer system 600 contains a processor 610 and a memory system 602 housed in a computer unit 605. Computer system 600 is but one example of an electronic system containing another electronic system, e.g., memory system 602, as a subcomponent. The user interface components include a keyboard 620, a pointing device 630, a monitor 640, a printer 650, and a bulk storage device 660. It will be appreciated that other components are often associated with computer system 600 such as modems, device driver cards, additional storage devices, etc. It will further be appreciated that processor 610 and memory system 602 of computer system 600 can be incorporated on a single integrated circuit. Such single-package processing units reduce the communication time between the processor and the memory circuit. Any of these components of the system may contain a memory device that stores instructions that can be executed by a processor to perform the secure data transmission of the present invention.

[0137] The above description illustrates preferred embodiments, which achieve the features and advantages of the present invention. It is not intended that the present invention be limited to the illustrated embodiments. Modifications and substitutions to specific process conditions and structures can be made without departing from the spirit and scope of the present invention. Accordingly, the invention is not to be considered as being limited by the foregoing description and drawings, but is only limited by the scope of the appended claims.

What is claimed is:
 1. A method of generating a public key for secure data transmission, comprising: finding two unique randomly chosen secret prime numbers p and q; generating a modulus n by using the product of p and q; generating matrices A and C of rank r with each matrix element in the integers modulo n such that AC is not equal to CA; generating a matrix B by using the generated matrices A and C such that B≡CAC; generating a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C; keeping the generated matrix C as a private key; forming a public key using the generated matrices A, B, and G, the modulus n, and rank r; and publishing the formed public key for encrypting messages to be transmitted.
 2. The method of claim 1, wherein the matrices A, B, C, and G are mathematically described as belonging to a general linear group: GL(r, Z_(n)) wherein r is the matrix rank, and each matrix element is in the integers modulo n, and where an inverse matrix exists for each matrix in the group, and for which the group is closed under operations of matrix multiplication.
 3. The method of claim 2, wherein the matrix rank r is greater than or equal to 2.
 4. The method of claim 1, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using the equation: G=C^(k) wherein k is a non-zero, even integer.
 5. The method of claim 1, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using a linear combination of power of C up to r−1 using the equation: $G = \sum_{i=0}^{r-1} u_{i}C^{i}$ wherein each of the r values of u_(i) are randomly generated and secret integers modulo n, and preferably with at least one u_(i)≠0 for i>0 so that G does not commute with A.
 6. A method of generating a public key for cryptographic data transmission, comprising: finding two unique randomly chosen secret prime numbers p and q; generating a modulus n as a product of the found prime numbers p and q; generating matrices A and C of a predetermined matrix rank r with each matrix element in the integers modulo n such that AC is not equal to CA; generating a matrix B by using the generated matrices A and C such that B≡CAC; generating a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C; keeping the generated matrix C as a private key; forming a public key using the generated matrices A, B, and G, and the modulus n; and publishing the formed public key for encrypting messages to be transmitted.
 7. The method of claim 6, wherein the predetermined matrix rank r of the generated matrices A and C is assumed to be a known value of 2.
 8. The method of claim 6, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using the equation: G=C^(k) wherein k is a non-zero, even integer.
 9. The method of claim 6, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using a linear combination of power of C up to r−1 using the equation: $G = \sum_{i=0}^{r-1} u_{i}C^{i}$ wherein each of the r values of u_(i) are randomly generated and secret integers modulo n, and preferably with at least one u_(i)≠0 for i>0 so that G does not commute with A.
 10. A method of encrypting a message using a published public key, comprising: obtaining the published public key including matrices A, B, G, and modulo n and matrix rank r for encrypting a message to be transmitted; generating a first random secret matrix D that is multiplicatively commutative with the obtained matrix G; generating a second secret matrix K such that K=DBD; generating a message matrix E such that E=DAD; obtaining a message to be sent securely; encrypting the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key; and transmitting the generated message matrix E along with the encrypted message.
 11. The method of claim 10, wherein encrypting the obtained message using a symmetric-key algorithm further comprises: partitioning and packing the obtained message into a sequence of unencrypted matrices U_(i); and encrypting each of the unencrypted matrices to form a sequence of corresponding encrypted matrices such that U_(i)′=KU_(i)K.
 12. The method of claim 10, wherein generating the first random secret matrix D that is multiplicatively commutative with the obtained matrix G, comprises: generating the first random secret matrix D using the equation: $D = \sum_{i=0}^{r-1} v_{i}G^{i}$ wherein G⁰=I, the identity matrix with the same rank as G, and v_(i) form a set of r secret and independently random integers modulo n, and at least one v_(i)≠0 for i>0 so that D does not commute with A.
 13. A method of encrypting a message using a published public key, comprising: obtaining the published public key including matrices A, B, G, and modulo n for encrypting a message to be transmitted, wherein each of the obtained matrices have a predetermined matrix rank of r; generating a first random secret matrix D that is multiplicatively commutative with the obtained matrix G; generating a second secret matrix K such that K=DBD; generating a message matrix E such that E=DAD; obtaining a message to be sent securely; encrypting the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key; and transmitting the generated message matrix E along with the encrypted matrices.
 14. The method of claim 13, wherein encrypting the obtained message using a symmetric-key algorithm further comprises: partitioning and packing the obtained message into a sequence of unencrypted matrices U_(i); and encrypting each of the unencrypted matrices such that U_(i)′=KU_(i)K.
 15. The method of claim 14, wherein the predetermined matrix rank r of the obtained matrices A and C is assumed to be a known value of 2.
 16. The method of claim 14, further comprising: receiving the transmitted message matrix E along with the one or more encrypted matrices; retrieving the second secret matrix K using the received message matrix E and the kept private key matrix C; and decrypting the one or more encrypted matrices using the retrieved second secret matrix K to obtain the transmitted messages.
 17. A method of decrypting an encrypted message, comprising: receiving a transmitted message matrix E along with the encrypted message; retrieving the second secret matrix K=CEC using the received message matrix E and the kept private key matrix C; and decrypting the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm to obtain the transmitted message.
 18. The method of claim 17, wherein receiving the encrypted message, comprises: obtaining a sequence of encrypted matrices U_(i)′, wherein the sequence of encrypted matrices U_(i)′ are obtained using a symmetric-key encryption algorithm.
 19. The method of claim 18, wherein decrypting the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm, comprises: obtaining a matrix Q=K⁻¹ as the multiplicative inverse of the retrieved second secret matrix K; decrypting each of the obtained encrypted matrices U_(i)′ to obtain corresponding decrypted matrices U_(i)=Q U_(i)′Q; and unpacking and concatenating each of the decrypted matrices U_(i) to obtain the transmitted message.
 20. Acryptographic method of the type using matrices to encode and decodemessages, comprising: finding two unique randomly chosen secret primenumbers p and q; generating a modulus n by multiplying p and q;generating matrices A and C of rank r with each matrix element in theintegers modulo n such that AC is not equal to CA; generating a matrix Bby using the generated matrices A and C such that B=CAC; generating amatrix G such that the generated matrix G is in the samemultiplicatively commutative subgroup as C; keeping the generated matrixC as a private key; forming a public key using the generated matrices A,B, and G, and the modulus n, and rank r; publishing the formed publickey for encrypting messages to be transmitted; obtaining the publishedpublic key including matrices A, B, G, and modulo n and matrix rank rfor encrypting a message to be transmitted; generating a first randomsecret matrix D that is multiplicatively commutative with the obtainedmatrix G; generating a second secret matrix K such that K=DBD;generating a message matrix E such that E=DAD; obtaining a message to besent securely; encrypting the obtained message using a symmetric-keyalgorithm by using the generated second secret matrix K as the key;transmitting the generated message matrix E along with the encryptedmatrices; receiving a transmitted message matrix E along with encryptedmessage; retrieving the second secret matrix K using the receivedmessage matrix E and the kept private key matrix C; and decrypting theencrypted message using the retrieved second secret matrix K with asymmetric-key decryption algorithm to decrypt the received encryptedmessage.
 21. The method of claim 20, wherein the matrices A, B, C, and G are mathematically described as belonging to a general linear group: GL(r, Z_(n)) wherein r is the matrix rank, and each matrix element is in the integers modulo n, and where an inverse matrix exists for each matrix in the group, and for which the group is closed under operations of matrix multiplication.
 22. The method of claim 20, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using the equation: G=C^(k) wherein k is a non-zero, even integer.
 23. The method of claim 20, wherein generating the first random secret matrix D that is multiplicatively commutative with the obtained matrix G, comprises: generating the first random secret matrix D using the equation:

$D = \sum_{i=0}^{r-1} v_{i} G^{i}$

wherein G⁰=I, the identity matrix with the same rank as G, and v_(i) form a set of r secret and independently random integers modulo n, and at least one v_(i)≠0 for i>0 so that D does not commute with A.
 24. A method for secure message transmission, comprising: finding two unique randomly chosen secret prime numbers p and q; generating a modulus n by using the product of p and q; generating matrices A and C of a predetermined matrix rank r and with each matrix element in the integers modulo n such that AC is not equal to CA; generating a matrix B by using the generated matrices A and C such that B=CAC; generating a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C; keeping the generated matrix C as a private key; forming a public key using the generated matrices A, B, and G, and the modulus n; publishing the formed public key for encrypting messages to be transmitted; obtaining the published public key including matrices A, B, G, and modulo n for encrypting a message to be transmitted; generating a first random secret matrix D that is multiplicatively commutative with the obtained matrix G; generating a second secret matrix K such that K=DBD; generating a message matrix E such that E=DAD; obtaining a message to be sent securely; encrypting the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key; transmitting the generated message matrix E along with the encrypted matrices; receiving a transmitted message matrix E along with the encrypted message; retrieving the second secret matrix K=CEC using the received message matrix E and the kept private key matrix C; and decrypting the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm to decrypt the received encrypted message.
 25. The method of claim 24, wherein the predetermined matrix rank r of the generated matrices A and C is a known integer value of greater than or equal to 2.
 26. The method of claim 24, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using a linear combination of powers of C up to r−1 using the equation:

$G = \sum_{i=0}^{r-1} u_{i} C^{i}$

wherein each of the r values of u_(i) are randomly generated and secret integers modulo n, and preferably with at least one u_(i)≠0 for i>0 so that G does not commute with A.
 27. A computer-readable medium having computer-executable instructions for transmitting a message using a public key system, comprising: finding two unique randomly chosen secret prime numbers p and q; generating a modulus n by using the product of p and q; generating matrices A and C of a predetermined matrix rank r with each matrix element in the integers modulo n such that AC is not equal to CA; generating a matrix B by using the generated matrices A and C such that B=CAC; generating a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C; keeping the generated matrix C as a private key; forming a public key using the generated matrices A, B, and G, and the modulus n; publishing the formed public key for encrypting messages to be transmitted; obtaining the published public key including matrices A, B, G, and modulo n for encrypting a message to be transmitted; generating a first random secret matrix D that is multiplicatively commutative with the obtained matrix G; generating a second secret matrix K such that K=DBD; generating a message matrix E such that E=DAD; obtaining a message to be sent securely; encrypting the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key; transmitting the generated message matrix E along with the encrypted matrices; receiving a transmitted message matrix E along with the encrypted message; retrieving the second secret matrix K=CEC using the received message matrix E and the kept private key matrix C; and decrypting the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm to decrypt the received encrypted message.
 28. The computer-readable medium of claim 27, wherein the matrices A, B, C, and G are mathematically described as belonging to a general linear group: GL(r, Z_(n)) wherein r is the matrix rank, and each matrix element is in the integers modulo n, and where an inverse matrix exists for each matrix in the group, and for which the group is closed under operations of matrix multiplication.
 29. The computer-readable medium of claim 27, wherein generating the matrix G such that G is in the same multiplicatively commutative subgroup as C, comprises: generating the matrix G using the equation: G=C^(k) wherein k is a non-zero, even integer.
 30. The computer-readable medium of claim 31, wherein generating the first random secret matrix D that is multiplicatively commutative with the obtained matrix G, comprises: generating the first random secret matrix D using the equation:

$D = \sum_{i=0}^{r-1} v_{i} G^{i}$

wherein G⁰=I, the identity matrix with the same rank as G, and v_(i) form a set of r secret and independently random integers modulo n, and at least one v_(i)≠0 for i>0 so that D does not commute with A.
 31. A computer system for secure message transmission, comprising: a processor; an output device; and a storage device to store instructions that are executable by the processor to perform secure message transmission, comprising: finding two unique randomly chosen secret prime numbers p and q; generating a modulus n by using the product of p and q; generating matrices A and C of a predetermined matrix rank r with each matrix element in the integers modulo n such that AC is not equal to CA; generating a matrix B by using the generated matrices A and C such that B=CAC; generating a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C; keeping the generated matrix C as a private key; forming a public key using the generated matrices A, B, and G, and the modulus n; publishing the formed public key for encrypting messages to be transmitted; obtaining the published public key including matrices A, B, G, and modulo n for encrypting a message to be transmitted; generating a first random secret matrix D that is multiplicatively commutative with the obtained matrix G; generating a second secret matrix K such that K=DBD; generating a message matrix E such that E=DAD; obtaining a message to be sent securely; encrypting the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key; transmitting the generated message matrix E along with the encrypted matrices; receiving a transmitted message matrix E along with the encrypted message; retrieving the second secret matrix K=CEC using the received message matrix E and the kept private key matrix C; and decrypting the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm to decrypt the received encrypted message.
 32. A cryptographic communication system, comprising: a receiver computing platform comprises: a processor to generate two matrices A and C of rank r with each matrix element in the integers modulo n such that AC does not equal CA, wherein modulo n is obtained by using two unique randomly chosen secret prime numbers p and q, wherein r is a matrix rank of the two matrices A and C, wherein the processor generates a matrix B by using the generated matrices A and C such that B≡CAC, wherein the processor further generates a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C, and wherein the processor publishes the generated matrices A, B, G, and modulo n and matrix rank r as the public key, and retains the generated matrix C as the private key; a sender coupled to the receiver computing platform through a network comprises: an encoder to obtain the published matrices A, B, G, and modulo n and matrix rank r for encrypting a message to be transmitted, wherein the encoder generates a first random secret matrix D that is multiplicatively commutative with the obtained matrix G, wherein the encoder generates a second secret matrix K=DBD using the generated matrices B and D, wherein the encoder generates a message matrix E=DAD using the generated matrices A and D, wherein the encoder obtains a message to be sent securely and encrypts the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key, and wherein the encoder transmits the generated message matrix E along with the encrypted message; and a receiver coupled to the sender through the network and further coupled to the receiver computing platform comprises: a decoder to receive the transmitted message matrix E and the encrypted message, wherein the decoder retrieves the second secret matrix K=CEC using the received message matrix E and the kept matrix C as the private key, and wherein the decoder decrypts the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm to obtain the transmitted message.
 33. The system of claim 32, wherein the matrices A, B, C, and G are mathematically described as belonging to a general linear group: GL(r, Z_(n)) wherein r is the matrix rank, and each matrix element is in the integers modulo n, and where an inverse matrix exists for each matrix in the group, and for which the group is closed under operations of matrix multiplication.
 34. The system of claim 32, wherein the matrix rank r is greater than or equal to 2.
 35. The system of claim 32, wherein the processor generates the matrix G using the equation: G=C^(k) wherein k is a non-zero, even integer.
 36. A system for secure messages transmission, comprising: a first entity computing platform comprises: a processor to generate two matrices A and C of a predetermined matrix rank r and with each matrix element in the integers modulo n such that AC does not equal CA, wherein modulo n is obtained by using two unique randomly chosen secret prime numbers p and q, wherein r is a matrix rank of the two matrices A and C, wherein the processor generates a matrix B by using the generated matrices A and C such that B=CAC, wherein the processor further generates a matrix G such that the generated matrix G is in the same multiplicatively commutative subgroup as C, and wherein the processor publishes the generated matrices A, B, G, and modulo n as the public key, and retains the generated matrix C as the private key; a second entity desiring to send a secure message is coupled to the first entity computing platform through a network comprises: an encoder to obtain the published matrices A, B, G, and modulo n for encrypting a message to be transmitted, wherein the encoder generates a first random secret matrix D that is multiplicatively commutative with the obtained matrix G, wherein the encoder generates a second secret matrix K using the generated matrices B and D, wherein the encoder generates a message matrix E=DAD using the generated matrices A and D, wherein the encoder obtains a message to be sent securely and encrypts the obtained message using a symmetric-key algorithm by using the generated second secret matrix K as the key, and wherein the encoder transmits the generated message matrix E along with the encrypted message; and a first entity desiring to receive the encrypted message is coupled to the second entity through the network and further coupled to the first entity computing platform comprises: a decoder to receive the transmitted message matrix E and the encrypted message, wherein the decoder retrieves the second secret matrix K=CEC using the received message matrix E and the kept matrix C as the private key, and wherein the decoder decrypts the encrypted message using the retrieved second secret matrix K with a symmetric-key decryption algorithm to obtain the transmitted message.
 37. The system of claim 36, wherein the network comprises a network selected from the group consisting of LAN and WAN.
 38. The system of claim 36, wherein the predetermined matrix rank r of the generated matrices A and C is assumed to be a known integer value greater than or equal to 2.
 39. The system of claim 36, wherein the matrices A, B, C, and G are mathematically described as belonging to a general linear group: GL(r, Z_(n)) wherein r is the matrix rank, and each matrix element is in the integers modulo n, and where an inverse matrix exists for each matrix in the group, and for which the group is closed under operations of matrix multiplication.
 40. The system of claim 36, wherein the first entity computing platform generates the matrix G using the equation:

$G = \sum_{i=0}^{r-1} u_{i} C^{i}$

wherein each of the r values of u_(i) are randomly generated and secret integers modulo n, and preferably with at least one u_(i)≠0 for i>0 so that G does not commute with A.
 41. The system of claim 36, wherein the second entity generates the first random secret matrix D using the equation:

$D = \sum_{i=0}^{r-1} v_{i} G^{i}$

wherein G⁰=I, the identity matrix with the same rank as G, and v_(i) form a set of r secret and independently random integers modulo n, and at least one v_(i)≠0 for i>0 so that D does not commute with A.
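
The key agreement recited in claims 20 to 41, worked through as an added example that is not part of the patent text: key generation with B=CAC and G as a polynomial in C, the sender's D as a polynomial in G with K=DBD and E=DAD, and the receiver's recovery K=CEC. The function names and the choice to make every coefficient for i>0 nonzero are assumptions of this example; only A and C are tested for membership in GL(r, Z_(n)), and the symmetric encryption step is left out.

```python
import secrets
from math import gcd

def mul(X, Y, n):
    r = len(X)
    return [[sum(X[i][k] * Y[k][j] for k in range(r)) % n for j in range(r)]
            for i in range(r)]

def det(M, n):  # Laplace expansion; adequate for the small ranks used here
    if len(M) == 1:
        return M[0][0] % n
    return sum((-1) ** j * M[0][j] * det([row[:j] + row[j + 1:] for row in M[1:]], n)
               for j in range(len(M))) % n

def poly_in(M, coeffs, n):
    """Return sum_i coeffs[i] * M^i mod n, with M^0 = I."""
    r = len(M)
    acc = [[0] * r for _ in range(r)]
    P = [[int(i == j) for j in range(r)] for i in range(r)]
    for c in coeffs:
        acc = [[(acc[i][j] + c * P[i][j]) % n for j in range(r)] for i in range(r)]
        P = mul(P, M, n)
    return acc

def rand_coeffs(r, n):  # assumption: all coefficients for i > 0 are nonzero
    return [secrets.randbelow(n)] + [1 + secrets.randbelow(n - 1) for _ in range(r - 1)]

def rand_invertible(r, n):  # member of GL(r, Z_n): determinant coprime to n
    while True:
        M = [[secrets.randbelow(n) for _ in range(r)] for _ in range(r)]
        if gcd(det(M, n), n) == 1:
            return M

def keygen(p, q, r):
    n = p * q
    while True:
        A, C = rand_invertible(r, n), rand_invertible(r, n)
        if mul(A, C, n) != mul(C, A, n):      # claims require AC != CA
            break
    B = mul(mul(C, A, n), C, n)               # B = CAC
    G = poly_in(C, rand_coeffs(r, n), n)      # G commutes with C
    return (A, B, G, n, r), C                 # public key, private key

def encapsulate(pub):
    A, B, G, n, r = pub
    D = poly_in(G, rand_coeffs(r, n), n)      # D commutes with G, hence with C
    return mul(mul(D, B, n), D, n), mul(mul(D, A, n), D, n)   # K = DBD, E = DAD

def recover(C, E, n):
    return mul(mul(C, E, n), C, n)            # CEC = C(DAD)C = D(CAC)D = K
```

Recovery works only because D is a polynomial in G and G a polynomial in C, so D and C commute; any toy primes passed to `keygen` (for instance 1009 and 1013) are for readability and far too small for real use.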